I would like to see Remote Packet Capture Protocol implemented so that we can set up a router as a Wireshark remote interface. It would allow for better packet capturing and filtering than the current method.
You can do this already.
http://wiki.mikrotik.com/wiki/Ethereal/Wireshark
Follow the directions in the wiki and set the display filter in Wireshark to tzsp.
Sent from my Nexus 7 using Tapatalk
I would like to direct you to:
The existing method is cumbersome and is not as good as if the frames showed up outside of tzsp.
If you have a request for a different implementation, it would be best to include the different options that would work better for you.
Personally, tzsp has worked fine for my needs.
Sent from my Nexus 7 using Tapatalk
https://www.wireshark.org/docs/wsug_html_chunked/ChCapInterfaceRemoteSection.html
The Remote Packet Capture Protocol service must first be running on the target platform before Wireshark can connect to it. The easiest way is to install WinPcap from http://www.winpcap.org/install/default.htm on the target. Once installation is completed go to the Services control panel, find the Remote Packet Capture Protocol service and start it.
There are some differences between the protocols, but the main difference is that RPCAP supports authentication. The rest of the settings on that page are just how they decided to implement the interface and controls - not the protocol itself.
Not doing it the way Wireshark natively supports increases the difficulty and you get a different set of information. If it isn’t that hard to do it Wireshark’s way, then support Wireshark’s way.
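Added example, not part of any post in this thread: a small Python decapsulator that strips the TZSP wrapper from a streamed datagram and re-serialises the inner Ethernet frame as a classic pcap record, so the frames can be opened "outside of tzsp". The function names and the sample datagram are constructed for illustration; it assumes the publicly documented TZSP layout (4-byte header, tagged fields, then the frame) on UDP port 37008.

```python
import struct

TZSP_PORT = 37008                 # usual UDP port a TZSP sender streams to
TAG_PADDING, TAG_END = 0x00, 0x01  # the two tags that carry no length byte
ENCAP_ETHERNET = 1

def strip_tzsp(datagram: bytes):
    """Return (encap_protocol, tags, inner_frame) for one TZSP UDP payload."""
    if len(datagram) < 4:
        raise ValueError("short TZSP header")
    version, _ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise ValueError(f"unsupported TZSP version {version}")
    tags, pos = {}, 4
    while True:
        if pos >= len(datagram):
            raise ValueError("tag list not terminated")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        # Every other tag is type, length, value; bounds-check before slicing.
        if pos >= len(datagram) or pos + 1 + datagram[pos] > len(datagram):
            raise ValueError("truncated tagged field")
        length = datagram[pos]
        tags[tag] = datagram[pos + 1:pos + 1 + length]
        pos += 1 + length
    return encap, tags, datagram[pos:]

def to_pcap(frames):
    """Serialise Ethernet frames as a classic pcap byte string (timestamps zeroed)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample: header (version 1, type 0, Ethernet), one padding tag,
# one made-up 1-byte tagged field, the END tag, then a dummy 42-byte ARP-sized frame.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff0200000000010806") + b"\x00" * 28
SAMPLE_DATAGRAM = (struct.pack("!BBH", 1, 0, ENCAP_ETHERNET)
                   + bytes([TAG_PADDING, 0x0A, 0x01, 0xC8, TAG_END]) + SAMPLE_FRAME)

if __name__ == "__main__":
    encap, tags, frame = strip_tzsp(SAMPLE_DATAGRAM)
    print(encap, tags, len(frame), len(to_pcap([frame])))
```

In live use the same function would be fed the payload of each datagram received on a UDP socket bound to the TZSP port, and the resulting pcap opened in Wireshark without the `tzsp` display filter.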